> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Scott M Stark
> Sent: Wednesday, April 04, 2001 1:26 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [JBoss-user] JBoss and JDK 1.2.2
>
> > As an aside, I do not understand how security context information is
> > actually being propagated through JNP when doing a 1.1 style lookup and
> > usage of a bean. The client supplies the principal and credentials when
> > getting the connection, but JNP simply supplies code for doing bindings and
> > lookups, and relies on builtin RMI code for support services like transport;
> > when and how is security context information sent over so that it can later
> > be used/validated when calling bean methods?
> >
> JNDI is not used for identity propagation in JBoss. The principal and
> credentials are associated with the client side EJB proxy layer using the
> org.jboss.security.SecurityAssociation class. These values are marshalled
> along with the EJB home and remote interface method invocations. The
> standard way to set this information is to do a JAAS login using the
> org.jboss.security.ClientLoginModule. This simply sets the
> SecurityAssociation principal and credentials to those passed in via the
> application CallbackHandler.

Thanks. This is what I assumed looking at the documentation for the JAAS
based code. Now I realize that JAAS and associating a security context with
the client thread is the solution moving forward, but does this not mean
that the current implementation is not compliant with EJB 1.1? Unfortunately
my EJB spec is at work, but I always thought the process of supplying
identity/credentials to JNDI for the connection and having those propagated
was part of the spec (crappy mechanism that it is, notwithstanding)...
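
Added example, not part of the original message and not JBoss code: a simplified Java model of the mechanism described in the quoted reply, where the identity is held per client thread, copied by the client-side proxy into every invocation, and validated on the server for each call rather than at lookup time. The names `Association`, `Invocation`, `Account` and `serverDispatch` are hypothetical, and the `alice` account is constructed for the demonstration.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
import java.util.Arrays;

public class IdentityPropagationSketch {
    // Hypothetical stand-in for the role the reply gives SecurityAssociation:
    // it holds the caller's identity for the current client thread.
    static final class Association {
        private static final ThreadLocal<String> principal = new ThreadLocal<>();
        private static final ThreadLocal<char[]> credential = new ThreadLocal<>();
        static void set(String p, char[] c) { principal.set(p); credential.set(c); }
        static void clear() { principal.remove(); credential.remove(); }
    }

    // Hypothetical wire message: the method call plus the identity marshalled with it.
    record Invocation(String method, Object[] args, String principal, char[] credential) {}

    interface Account { String balance(String id); }

    // Server side: check the identity carried by each invocation before dispatching.
    static Object serverDispatch(Invocation inv) {
        boolean ok = "alice".equals(inv.principal())
                && inv.credential() != null
                && Arrays.equals("s3cret".toCharArray(), inv.credential()); // constructed account
        if (!ok) throw new SecurityException("unauthenticated call to " + inv.method());
        return "balance(" + inv.args()[0] + ") for " + inv.principal();
    }

    // Client-side proxy: copies the thread's identity into every invocation it sends.
    static Account clientProxy() {
        InvocationHandler h = (proxy, m, args) -> serverDispatch(new Invocation(
                m.getName(), args, Association.principal.get(), Association.credential.get()));
        return (Account) Proxy.newProxyInstance(
                Account.class.getClassLoader(), new Class<?>[]{Account.class}, h);
    }

    public static void main(String[] a) {
        Account acct = clientProxy(); // the lookup itself carries no credentials
        try {
            acct.balance("42");
        } catch (SecurityException e) {
            System.out.println("before login: " + e.getMessage());
        }
        Association.set("alice", "s3cret".toCharArray()); // the step a client login module performs
        System.out.println("after login: " + acct.balance("42"));
        Association.clear(); // drop the identity so it is not reused by later work on this thread
    }
}
```

Because the identity travels with each call, the server has to authenticate every invocation, and a pooled client thread that is not cleared will keep sending the previous caller's identity.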